Vendor: FuseTalk
By: Unknown
CVSS: 5.5 (MEDIUM)
Vulnerability: Cross-site scripting (XSS)
CWE: 79
Product Name: FuseTalk
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:fusetalk:fusetalk
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-site scripting vulnerabilities in FuseTalk

The application fails to sufficiently sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied input and implement proper input validation and output encoding. Regular security audits and updates to the latest version of FuseTalk can also help prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24563/info

FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/forum/include/common/comfinish.cfm?FTRESULT.errorcode=0&FTVAR_SCRIPTRUN=[xss]
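
Since the advisory lists no patch, one practical control is to review web server logs for markup reaching the endpoint and parameter shown in the example URL above. The following is an added example, not part of the advisory or of FuseTalk; the combined access-log format, the character pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Endpoint and parameter taken from the advisory's example URL.
TARGET_PATH = "/include/common/comfinish.cfm"
TARGET_PARAM = "ftvar_scriptrun"
# Characters and tokens commonly needed to break out of HTML or script contexts.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests worth reviewing."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qsl decodes once; fully_decode catches further encoding layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name.lower() == TARGET_PARAM and SUSPICIOUS.search(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /forum/include/common/comfinish.cfm?FTRESULT.errorcode=0&FTVAR_SCRIPTRUN=done HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/include/common/comfinish.cfm?FTRESULT.errorcode=0&FTVAR_SCRIPTRUN=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /forum/include/common/comfinish.cfm?FTVAR_SCRIPTRUN=%253Cb%253Etest HTTP/1.1" 200 530',
    '198.51.100.9 - - [01/Jan/2024:10:00:12 +0000] "GET /forum/index.cfm?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

The same pattern can serve as the basis for a WAF or reverse-proxy rule on this parameter; log review only covers the query string, so values sent in a POST body need inspection at the proxy.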